2202fcc19f
By default Android only allows processes to lock up to 65536 bytes of
memory, resulting from the command 'setrlimit memlock 65536 65536' in
system/core/rootdir/init.rc. The recent Keystore changes to create each
user's super keys at user creation time cause Keystore to sometimes lock
more memory and sometimes exceed this limit. To reproduce this issue
myself, I had to create almost 100 users. However, it apparently can
happen with fewer users too, based on CTS test failure report.
Fix this issue by setting the memlock limit for keystore2 to unlimited.
Note that the amount actually used remains fairly small, but I don't
think there's a reason to set an arbitrary limit here. A memlock limit
makes sense for unprivileged apps but not for system processes.
Bug: 296464083
Bug: 314474709
Bug: 314561033
Test: adb shell setprop debug.user.creation_override 1
for i in `seq 1 100`; do adb shell pm create-user --profileOf 0 --managed profile; done
adb logcat | grep -i keystore
# Saw ENOMEM error near the end without this CL, but not with it.
Flag: Not feasible to flag this CL, and it's a pretty safe change.
Change-Id: I3ef062d737ffb1431dca78c0d568ad6c2d713de6
15 lines
616 B
Text
15 lines
616 B
Text
# Start the keystore2 service.
|
|
# Keystore 2.0 changes its working directory to the first positional
|
|
# command line option, i.e., /data/misc/keystore, where it stores its
|
|
# database.
|
|
# Keystore shall run as user keystore and groups keystore, readproc, and log.
|
|
#
|
|
# See system/core/init/README.md for information on the init.rc language.
|
|
|
|
service keystore2 /system/bin/keystore2 /data/misc/keystore
|
|
class early_hal
|
|
user keystore
|
|
group keystore readproc log
|
|
task_profiles ProcessCapacityHigh
|
|
# The default memlock limit of 65536 bytes is too low for keystore.
|
|
rlimit memlock unlimited unlimited
|